BUGFIX: KVM_SET[GET]_SREGS is called with illegal vcpu_fd

Author: ddk

kvm/qemu/vl.c

@@ -5269,7 +5269,6 @@ void cpu_save(QEMUFile *f, void *opaque)
     if (kvm_allowed) {
         for (i = 0; i < NR_IRQ_WORDS ; i++) {
             qemu_put_betls(f, &env->kvm_interrupt_bitmap[i]);
-			
         }
         qemu_put_be64s(f, &env->tsc);
     }
@@ -6273,8 +6272,8 @@ int main_loop(void)
                 reset_requested = 0;
                 qemu_system_reset();
 #ifdef USE_KVM
-				if (kvm_allowed)
-				  kvm_load_registers(env);
+		if (kvm_allowed)
+		  kvm_load_registers(env);
 #endif
                 ret = EXCP_INTERRUPT;
             }

kvm/winkvm-qemu/migration.c

@@ -812,18 +812,11 @@ static int migrate_incoming_fd(int fd)
 {
     int ret = 0;
     QEMUFile *f = qemu_fopen_fd(fd);
-    uint32_t memsize;
-    int rret;
     uint32_t addr;
+    uint32_t memsize;
     extern void qemu_announce_self(void);
-	
-    memsize = 0;
-    rret = recv(fd, (void*)&memsize, sizeof(uint32_t), 0);
-    if (rret < 0) {
-      perror("recv error");		
-    }
 
-	memsize = bswap_32(memsize);   
+    memsize = qemu_get_be32(f);
     if (memsize != phys_ram_size) {
         fprintf(stderr, 
 		"src qemu is allocated %d [bytes] memory\n"
@@ -944,7 +937,8 @@ static int migrate_incoming_tcp(const char *host)
     }
 
 send_ack:
-    len = write(sfd, &status, 1);
+//    len = write(sfd, &status, 1);
+	len = send(sfd, &status, 1, 0);
     if (len == -1 && errno == EAGAIN)
         goto send_ack;
     if (len != 1) {
@@ -959,12 +953,15 @@ static int migrate_incoming_tcp(const char *host)
     }
 
 wait_for_go:
-    len = read(sfd, &status, 1);
+//    len = read(sfd, &status, 1);
+	len = recv(sfd, &status, 1, 0);
     if (len == -1 && errno == EAGAIN)
     goto wait_for_go;
     if (len != 1)
         rc = MIG_STAT_DST_READ_FAILED;
 
+	fprintf(stderr, "migrate incoming tcp end\n");
+
 error_accept:
     close(sfd);
 error_socket:

kvm/winkvm-qemu/qemu-kvm.c

@@ -181,7 +181,7 @@ static void load_regs(CPUState *env)
 
     regs.rflags = env->eflags;
     regs.rip = env->eip;
-
+    
     kvm_set_regs(kvm_context, 0, &regs);
 
     memcpy(sregs.interrupt_bitmap, env->kvm_interrupt_bitmap, sizeof(sregs.interrupt_bitmap));

kvm/winkvm-qemu/vl.c

@@ -5832,7 +5832,10 @@ static int fd_get_buffer(void *opaque, uint8_t *buf, int64_t pos, int size)
 	ssize_t len;
 
 again:
-	len = read(s->fd, buf + offset, size - offset);
+	/* len = read(s->fd, buf + offset, size - offset); */
+	/* this function is called by only migration.c */
+	/* So, this function is specialized with migration.c */
+	len = recv(s->fd, buf + offset, size - offset, 0);
 	if (len == -1) {
 		if (errno == EINTR || errno == EAGAIN)
 			goto again;
@@ -5899,8 +5902,8 @@ QEMUFile *qemu_fopen_compat(void *opaque, QEMUFilePutBufferFunc *put_buffer,
     if (!f)
         return NULL;
 
-	f->qemu_ff_compat = 1; 
-	f->opaque = opaque;
+    f->qemu_ff_compat = 1; 
+    f->opaque = opaque;
     f->put_buffer = put_buffer;
     f->get_buffer = get_buffer;
     f->close = close;
@@ -5941,7 +5944,6 @@ static void qemu_fill_buffer(QEMUFile *f)
     int len;
 
     if (f->qemu_ff_compat) {
-      fprintf(stderr, "%s is called with qemu_ff_compat mode\n", __FUNCTION__);
         if (!f->get_buffer)
             return;
 
@@ -6290,6 +6292,7 @@ int qemu_live_savevm_state(QEMUFile *f)
     return ret;
 }
 
+/* here is bugpoint */
 int qemu_live_loadvm_state(QEMUFile *f)
 {
     SaveStateEntry *se;
@@ -6308,9 +6311,10 @@ int qemu_live_loadvm_state(QEMUFile *f)
     }
 
     for(;;) {
-        len = qemu_get_byte(f);
-    if (len == 0)
-        break;
+        len = qemu_get_byte(f);	   
+		if (len == 0)
+			break;
+		fprintf(stderr, "qemu_live_loadvm_state loop\n");
         qemu_get_buffer(f, idstr, len);
         idstr[len] = '\0';
         instance_id = qemu_get_be32(f);
@@ -6897,6 +6901,7 @@ int cpu_load(QEMUFile *f, void *opaque, int version_id)
             qemu_get_betls(f, &env->kvm_interrupt_bitmap[i]);
         }
         qemu_get_be64s(f, &env->tsc);
+		fprintf(stderr, "kvm_load_regsiters() in %s\n", __FUNCTION__);
         kvm_load_registers(env);
     }
 #endif   
@@ -7980,8 +7985,10 @@ static int main_loop(void)
                 reset_requested = 0;
                 qemu_system_reset();
 #ifdef USE_KVM
-                if (kvm_allowed)
+                if (kvm_allowed) {
+					fprintf(stderr, "kvm_load_registers() in %s\n", __FUNCTION__);
                     kvm_load_registers(env);
+				}
 #endif
                 ret = EXCP_INTERRUPT;
             }
@@ -8926,14 +8933,14 @@ int main(int argc, char **argv)
                 break;
 #ifdef CONFIG_SLIRP
             case QEMU_OPTION_tftp:
-        tftp_prefix = optarg;
+				tftp_prefix = optarg;
                 break;
             case QEMU_OPTION_bootp:
                 bootp_filename = optarg;
                 break;
 #ifndef _WIN32
             case QEMU_OPTION_smb:
-	      net_slirp_smb(optarg);
+				net_slirp_smb(optarg);
                 break;
 #endif
             case QEMU_OPTION_redir:
@@ -9228,8 +9235,8 @@ int main(int argc, char **argv)
 
 #ifndef _WIN32
     if (daemonize && !nographic && vnc_display == NULL) {
-    fprintf(stderr, "Can only daemonize if using -nographic or -vnc\n");
-    daemonize = 0;
+		fprintf(stderr, "Can only daemonize if using -nographic or -vnc\n");
+		daemonize = 0;
     }
 
     if (daemonize) {

vcproj/user/kvmctldll/kvmctl.c

@@ -605,9 +605,9 @@ int kvm_set_regs(kvm_context_t kvm, int vcpu, struct kvm_regs *regs)
 {
 	BOOL ret;
 	int fd = kvm->vcpu_fd[vcpu];
-	unsigned long retlen;	
+	unsigned long retlen;
 
-	regs->vcpu_fd = fd;
+	regs->vcpu_fd = fd;	
 	ret = DeviceIoControl(
 		     kvm->hnd,
 			 KVM_SET_REGS,
@@ -631,6 +631,8 @@ int kvm_get_sregs(kvm_context_t kvm, int vcpu, struct kvm_sregs *sregs)
 	unsigned long retlen;
 	int vcpu_fd = kvm->vcpu_fd[vcpu];
 
+	sregs->vcpu_fd = vcpu_fd;
+
 	ret = DeviceIoControl(
 		     kvm->hnd,
 			 KVM_GET_SREGS,
@@ -654,6 +656,8 @@ int kvm_set_sregs(kvm_context_t kvm, int vcpu, struct kvm_sregs *sregs)
 	unsigned long retlen;
 	int vcpu_fd = kvm->vcpu_fd[vcpu];
 
+	sregs->vcpu_fd = vcpu_fd;
+
 	ret = DeviceIoControl(
 		     kvm->hnd,
 			 KVM_SET_SREGS,